SPARTA is a GUI application developed with Python and builds Network Penetration Testing Kali Linux tool. It simplifies the scanning and enumeration phase with faster results.
The best thing about the SPARTA GUI Toolkit it scans and detects the service running on the target port.
Also, it provides a Bruteforce attack for scanned open ports and services as a part of the enumeration phase.
Also Read: Most Important Network Penetration Testing Checklist
Installation
Please clone the latest version of SPARTA from GitHub:
git clone https://github.com/secforce/sparta.git
Alternatively, download the latest zip file here.
cd /usr/share/
git clone https://github.com/secforce/sparta.git
Place the "sparta" file in /usr/bin/ and make it executable.
Type 'sparta' in any terminal to launch the application.
The Scope of Network Penetration Testing Work:
- Organizations’ security weaknesses in their network infrastructures are identified by a list of hosts or targeted hosts and add them to the scope.
- Select menu bar – File > Add host(s) to scope
- The above figures show target Ip is added to the scope. Your network can add a range of IPs to scan.
- After adding Nmap scan will begin and the results will be very faster. now scanning phase is done.
Open Ports & Services:
- Nmap results will provide target open ports and services.
- The above figure shows that the target operating system, Open ports, and services are discovered as scan results.
Brute Force Attack on Open Ports:
- Let us Brute force Server Message Block (SMB) via port 445 to enumerate the list of users and their valid passwords.
- Right-click and Select the option Send to Brute. Also, select discovered Open ports and services on target.
- Browse and add dictionary files for Username and password fields.
- Click Run to start the Brute force attack on the target. The above Figure shows Brute force attack is successfully completed on the target IP and the valid password is Found!
- Always think failed login attempts will be logged as Event logs in Windows.
- Password changing policy should be 15 to 30 days will be a good practice.
- Always recommended to use a strong password as per policy.
- Password lockout policy is a good one to stop brute force attacks (After 5 failure attempts account will be locked)
- The integration of business-critical assets to SIEM( security incident & Event Management) will detect these kinds of attacks as soon as possible.
SPARTA is timing saving GUI Toolkit for pen-testers for the scanning and enumeration phase.SPARTA Scans and Bruteforce various protocols. It has many more features! Happy pentesting.
Looking for the Best WAF Solutions for your web applications environment?? Register for the Free WAF webinar & explore the expert’s thoughts and Choose the Best one.. Very limited seats available.. grab it here at ProPhaze.
You can follow us on Linkedin, Twitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.
Also, Read
Microsoft Launches Identity Bounty Program That Rewards Up to $100,000
